CVE-2022-29041

Published: 12 Apr 2022
Source: redhat
CVSS3: 6.4

Description

Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

A flaw was found in the Jenkins Jira plugin. The plugin does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters. This issue results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.11 | jenkins-2-plugins | Not affected | | |
| Red Hat OpenShift Container Platform 4.10 | jenkins-2-plugins | Fixed | RHSA-2022:1600 | 02.05.2022 |
| Red Hat OpenShift Container Platform 4.9 | jenkins-2-plugins | Fixed | RHSA-2022:2205 | 18.05.2022 |


Additional information

Status: Important
Defect: CWE-79
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2074850 (Jira: Stored XSS vulnerabilities in Jenkins Jira plugin)

CVSS3: 6.4 Medium

Related vulnerabilities

CVSS3: 5.4
nvd
almost 4 years ago

Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the name and description of Jira Issue and Jira Release Version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

CVSS3: 5.4
github
almost 4 years ago

Stored Cross-site Scripting vulnerability in Jenkins Jira Plugin
